Notice that you get the form data from the sign function by calling r.FormValue.

The form data is passed to guestbookTemplate.Execute and the rendered HTML
page is written to http.ResponseWriter.

Finally, notice the use of
html/template
to automatically filter content to escape HTML special characters. This
prevents a class of script injection attacks. For more details on the templating
language, see the text/template
package documentation.